Lucene search

K

MitreCVELIST:CVE-2017-14174

HistorySep 07, 2017 - 6:00 a.m.

CVE-2017-14174

2017-09-0706:00:00

mitre

www.cve.org

1

7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large “length” field in the header but does not contain sufficient backing data, is provided, the loop over “length” would consume huge CPU resources, since there is no EOF check inside the loop.

References

github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8

github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64

github.com/ImageMagick/ImageMagick/issues/714

lists.debian.org/debian-lts-announce/2019/05/msg00015.html

lists.debian.org/debian-lts-announce/2020/09/msg00007.html

security.gentoo.org/glsa/201711-07

usn.ubuntu.com/3681-1/

7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.6%

Related for CVELIST:CVE-2017-14174

prion1 redhatcve1 debiancve1 veracode1 nvd1 cve1 ubuntucve1 nessus14 openvas7 suse2 osv3 debian3 gentoo1 cloudfoundry1 ubuntu1